I created a Cloud Console application for my blog on Google Cloud platform.

Under my console app, I created a MySQL database (Cloud SQL) that , Busket (Cloud Storage). I need to enable the billing which requires the credit card information before creating the database.

I also upgraded the Google App for Business, which will cost you $5 per month, so that I can add the custom domain.

I followed “Running WordPress in App Engine” document to install SDK, create the config files and manage to deploy it from my local machine to Google app engine.

So far so good but the problems come when I start the migration.

Google App Engine for WordPress Plugin

Google released an official plugin for wordpress but all it does is to remove the nice user experiences provided by wordpress team. For example: The sub-menu for Plugin is gone after activating the “Google App Engine for WordPress” plugin.

And you can’t find/install any theme in “Appreance\Themes” page.

I understand that Google wants us to install the theme or plugin in local machine and deploy it to Cloud service but why? We don’t have Google SDK on each and every machine. We, wordpress users, are able to search and install the plugin/theme since long time back and its one of the coolest feature provided by wordpress team.

No direct access to public from Google App Engine

This makes a lot of things failed for wordpress users. Akismet is the most popular plugin provided by official wordpress team for us to fight the spammers but now, that plugin doesn’t work. I am not sure how many plugin will not work on Google App Engine.

It’s the one of the reason why Google’s plugin doesn’t allows user to search/install new theme or plugin directly from the blog.

I saw some solutions in google search but come on! you guys already know that every single person who are using wordpress and activate this plugin will get this error. why don’t you fix it before you release? or, it would be nice if you can provide the official solution in readme or somewhere. Ok. it’s not an official plugin from Google but you guys can mention is in your document “Running WordPress in App Engine“.

Cost

Ok! I deployed my blog a couple of times but Google is charging me “0.31” USD already. As you can see in the chart, there are a few requests. It’s because Google cron job is doing the call every 2 hours as the requirement of Google App. I think it’s going to cost me a lot more compared to Dreamhost but of course, Google might be able to provide a better up-time so I have to see how much it’s going to cost me.

I am still having problem with mapping my custom domain in Google App but I will post about it later.

I understand that Google App engine for PHP is still in early stage. but if you think you can migrate your blog to Google just like that then you need to think twice. Initially, I thought I should be able to migrate my blog within one or two days. But with all those broken plugin and etc, its gonna take a good amount of time to get the full working version of my blog even I used to use PHP language before.

Please feel free to share your experience if you are also migrating your existing blog to Google App engine.

Touchality run a metro style theme contest “Design for Windows Phone 7 Metro UI WordPress Theme” for their blog on 99designs.com. The wining award is $1,023. Six designers submitted 33 designs for that contest. By the time when I checked the contest, the winner was already chosen and the contest was completed so I didn’t manage to see all of the designs but here is what I got.

All credits go to the original designers and people from Touchality and 99designs.

Update:

Patrick Yong shared a working copy of wordpress theme in his blog. You can download it from this link if you like the screenshot below.

It’s true! Digg hates me. We were friends a few years back. The bloggers around the world submit the awesome links to you and you helps us to give some traffic for our blog. It is win-win situation for both sides. I didn’t know that things has been changed until I submit one of my posts to that site today.

I got this error below as soon as I enter my link in yours. Look at the screenshot. How bad is that? Your development team didn’t create the overlay message properly and your QA failed to find out about it.

I’m sure you can’t even read your own message so I posted the text below.

Stop right there criminal scum!

This page may be a forgery or imitation of another website, designed to trick users into sharing personal or financial information. Entering any personal information on this page may result in identity theft or other abuse

It’s not the first time that you treat my site like a spam site, Digg! I will show you the email history that I and your support team had a couple of months back.

Digg Support – Nov 18

Hello mchlsync,

We use the Google Safe Browsing API to help prevent spam and malware from getting submitted to Digg.com. It appears that Google has flagged that domain. For more information please check the link provided below:

http://code.google.com/apis/safebrowsing/

I went to Google Web Master tool and checked my site. I found no issue, Digg!

I replied to your support with this screenshot.

Digg support team – Nov 19~

Hello,

We’ve contacted our development team who are investigating the issue, and will fix it as soon as possible. Please don’t hesitate to contact us should you have any further questions.

For more information, please see Digg’s FAQ section (http://about.digg.com/faq).

Follow us on Twitter! http://twitter.com/digg

After a few hours on the same day, they asked me to try again.

Try again now, it should work. Let us know if you’re still having problems

When I checked it again, I found that the issue has been fixed.

But today, the issue show up again. I’m not sure how you guys are handling the regression issue but it’s not cool if this issue keep on coming back again and again.

Some of you know that my blog was under attack a few months back. I started taking care of my blog’s security as much as I can since then. One of the things that I did is that I installed WP-Malwatch to scan the suspicious activities on my blog everyday. That plugin is kinda useful tho.

I received a notification from that plugin saying that it’s suspecting some viruses on my blog this morning so I quickly logged in and scanned my current template manually on dashboard. I found one new file called backwp.php inside the theme folder.

I’m guessing that it might be the back-up file of Twently Eleven them but I couldn’t find any information from theme download page so I posted a question about that file on forum and am still waiting for the answer. Let me know if you have any idea about this file. For the time being, I deleted this file and tested my blog. It’s still working. I think that it’s very safe to delete that file.

Another weird thing which is happening since I started using “Twently Eleven” theme is that I’m getting this error often when I’m playing around in dashboard area. I tried contacting with people behind this theme and no reply from them.

This theme is awesome and it was created by the official wordpress.com team but after using it for a while, I realized that this theme comes with quite a few problem as well.. Maybe, it’s time for me to look for new theme..

Bad news! guys.. My blog was under attack for several times during this year. (Thanks to my readers who informed me about the problem.) I have successfully removed the injected script from my blog so it’s safe for you guys to read my blog again. (Actually, It was safe for you guys because the domain in the injected script is in the blacklist so the browser will automatically block you from accessing it. ) In this post, I will inform you about the injected script and the list of changes that I did to prevent this from happening again.

The attacker was targeting the footer.php file in the current theme that I’m using. The following script was injected in footer.php file.

The Injected Script

Fig 1: The injected script

Analyzing the Javascript

By looking at the script, I knew that that person was using Javascript function “unescape” to decode his encoded string. But I couldn’t say what he wrote in that encoded text. So, I used the online JavaScript Escape/Unescape Converter tool to decode the string.

I copied the whole text and paste it in “escape text” textbox and click on “Complete Unescape” button.

Here is what I got for the first conversion.

Fig 2: The decoded script - part 1

As you can see, the text was encoded twice so I copied the text between unescape brackets and converted it again in converter webpage.

Here is the second part of the decoded script.

Fig 2: The decoded script - part 2

But there are some % and number (e.g. %62 ) in the URL but it’s very easy to figure out what it is. I went to the “HTML URL Encoding Reference” page and I got the ASCII character for four numbers.

%20 = {whitespace}

%62 = b

%65 = e

%63 = c

The purpose of this script is that when user access my blog then it will show this site below in iframe. But luckily, this site is in black list so the most of browser will warm you or refuse to show that site so the attacker will not get what he wanted.

Fig 3: Black website

I thank to him for not deleting any data or etc. It encourages me to take good care of my site even I’m very busy. :)

What did I change to prevent this?

I changed the following things but honestly, I have no idea whether it will work or not. I will have to wait a few months or year to see the result. I’m posting this because if you are facing the same problem as I had and you don’t know what to do then you can probably try doing the same thing like I did. Please feel free to let me know if you have any better idea or suggestion.

Tips

Ensure WordPress and all plugins are up-to-date.

Delete all unnecessary plugins or themes that you are using in your blog. If you have other extra files in your host, do delete them as well.

Disable unused accounts in your host and change the password of current account that you are using.

Use auto-backup software or plugin or etc to back-up all files (including images, samples) and database.

Double-check the security setting of your blog (You can read the best practice for WordPress Security in this link Hardening WordPress ) If you are not familiar with those things then you should ask your hosting provider to help you or get someone to do this.

Install some security plugins. I installed the following plugins for security in my blogs

Introduction

This is a tool that helps you to download all of your images that you posted in your blog. This tool is created especially for WordPress.com users but it will support all other blogging softwares in future. You will definitely need this tool when you want to move your blog from wordpress.com to self-host.

Background

My blog was hosted on WordPress.com last year. I had too many images uploaded in my free space. When I wanted to move my blog to self-host, I noticed that there is no way to bulk-download all of my images from WordPress account to my local disk. I didn’t want to copy each and every images manually so I wrote this tool that can scan each and every urls from my blog and create the directory based on the URL. And then, download them into my local harddisk. It’s just 2 hours program that I wrote at that time. So, I’m sure that there won’t be all features that you want in this program. But don’t worry. Just drop a comment in this post. I will add the feature that you want in next release.

Click “Get Files” button to get the list of image URLs from your blog. (You may need to wait a few minutes while retrieving the list of images from your blog.)

After retrieving the list of Image URL, you can click “Download” button to download the images to your local disk. (You may need to wait a few minutes while processing. )

After that, you can check all of your images in “Downloaded Images” directory.

How does it work?

Note: This is for those who like to read the sourcecode and want an explanation about codes. If you are just a normal user, you may skip this section.

Firstly, the program will read the user name, password and blogurl from config file. It will append “xmlrpc.php” which is the standard XML RPC interface for WordPress at the end of blogurl string. Then, it will invoke getRecentPost() API of wordpress. I used opensource XML-RPC.NET library in this sample. As there is no getPosts() API in xmlrpc.php, we have to use the alternative method (getRecentPost() API) for retrieving the posts from the blog. The max number of posts is set to 1000 in the program. If you have more than 1000 posts in your blog, you probably need to change the default value.

If the authenticating is successful then we will get the list of posts from the blog. So, we have to filter the URL of images from the contents. Initially, I was thinking to filter <img> tag from the content. But there are some cases that we used big image in <A> tag and small images in <img> tag. So, I decided to filter the <img> tag and <a> tag from the contents based on the extensions (*.jpg, *.png, *.gif) by using regular expression. After that, I shows the list of URLS in ListView.

When the user clicks “Download” button, I start downloading the image one by one. (Note: I used C# downloader class which is written by Shailen Sukul in this example. ) Based on the URL, the program will create the directory accordingly. For example, If the image URL is “http://your.wp.com/2009/09/image1” then the program will create the directories like “09” folder under “2009” folder under “/Downloaded Images/” folder. So, you can easily upload all of your images to your new host via FTP.

That’s all about how Bulk Image Downloader works. If you have any question, please let me know.

FAQs

1. Can you make the better UI for this program?

Yes. Of course. I’m thinking to change this Windows Form to WPF version so that you will definitely get the better UI for this program.

2. The form is freeze while downloading the images. Why?

Sorry about this issue. For the time being, all processes are running in single thread so that UI will be freeze while processing. I will separate the UI and logic into different thread in next release.

3. Can I request new feature?

Yes. Of course. This is the main reason why I released it as alpha. Feel free to drop a comment in this post. I will make a list of feature requests and will be added in next version.